
Warlock | Active

The Warlock ransomware and its operator(s) are believed to be attributable to Storm-2603, a China-based threat actor that is also known to have deployed LockBit ransomware. There is also a crossover in victims with Black Basta. Both are RaaS operations and have a long list of known and unknown affiliates. Having said that, this is possibly an affiliate (likely a cybergroup) of both of those groups. The Alliance & Association would technically be Encryptor Sharing, but this is realistically more of an "Old Affiliate" that created its own ransomware encryptor and operation.
Extension(s): .x2anylock

Victims: 53
First Discovered victim: 2025-06-11
Last Discovered victim: 2025-09-08
Inactive Since (in days): 6
Avg Delay between attack and claim: 32.3 days
Infostealer for victim with domain: 45.8%



Known Locations (3)
Favicon Title Type Available Last Visit Server Info FQDN
favicon Warlock Client Leaked Data Show No 2025-07-11 05:30:13 elqfbcx5nofwtqfookqml7ltx2g6q6tmddys6e25vgu3al2meim6cbqd.onion
favicon WarLock Client Data Leak Show Yes 2025-09-14 18:31:43 zfytizegsze6uiswodhbaalyy5rawaytv2nzyzdkt3susbewviqqh7yd.onion
favicon Yes 2025-09-14 18:32:44 ocwjy4ynmpbbzhumh2ama2vl3bc77lf5auqf7nf4k45lbmzoep2rbyid.onion

Target (Available)
Top 5 Activity Sectors
  • Technology 12
  • Telecommunication 3
  • Agriculture and Food Production 2
  • Financial Services 2
  • Manufacturing 2
Top 5 Countries
  • United States 10
  • Japan 4
  • United Kingdom 3
  • India 2
  • France 2

Ransom Notes (1)

Tools Used (Not Available)

No tools used available.


Vulnerabilities Exploited (0)

No vulnerabilities exploited available.


TTPs Matrix (0)

No TTPs available.


Negotiation Chats (0)

No negotiation chats available.


YARA Rules (0)

No YARA rules available.


Indicators of Compromise (IoCs) (4)
SHA256 1 TOX 3
Type IOC
sha256 da8de7257c6897d2220cdf9d4755b15aeb38715807e3665716d2ee761c266fdb
tox 3DCE1C43491FC92EA7010322040B254FDD2731001C2DDC2B9E819F0C946BDC3CD251FA3B694A
tox 84490152E99B9EC4BCFE16080AFCFD6FDCD87512027E85DB318F7B3440982637FC2847F71685
tox F79A71AD8BB2E3E7EDFC38970FDC05E922E429B5DFC325C7D0E91F216DE8F3537C1A1C97F197

Victims (53)
okan.ru Warlock
Discovery Date: 2025-09-08
finance data...
RU
mffood.com Warlock
Discovery Date: 2025-09-01
300G data...
DK
gmpc.com Warlock
Discovery Date: 2025-09-01
No description provided....
airfastindonesia.com Warlock
Discovery Date: 2025-08-25
all user data...
ID
infoniqa.com Warlock
Discovery Date: 2025-08-18
165g data, including internal documents, financial documents, employee information, CRM database, HR...
AT
gmtaconline Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-07-04
The data has been bought by other buyers (not victims)...
PH
woodboure Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-07-04
The data has been bought by other buyers (not victims)...
STRGOME Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-07-04
The data has been bought by other buyers (not victims)...
argeninta Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-07-04
The data has been bought by other buyers (not victims)...
houra Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-07-04
The data has been bought by other buyers (not victims)...
FR
houxt Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-07-04
The data has been bought by other buyers (not victims)...
GB
getdomain Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-07-04
The data has been bought by other buyers (not victims)...
DK
kipl Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-06-25
The customer has not paid, and there are no other buyers within the validity period, please enjoy yo...
IN
nszi Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-06-25
The customer has not paid, and there are no other buyers within the validity period, please enjoy yo...
accsnet.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-09
all data...
JP
advion.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-09
all data...
US
mysecop.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-07-29
all data...
atcmanufacturing Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-09
all data...
orange.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-09
This is only a part of the files and file list. The full set of files needs to be purchased separate...
FR
anthembio.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-09
all data...
US
syspro.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-09
all data...
US
brightwork.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-09
[AI generated] BrightWork.com is a project management software company that provides solutions for t...
US
starsalliance.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-06
The data has been purchased by other buyers...
sipecom.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-06
all data...
EC
wytechnology.local Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-07
The data has been purchased by other buyers...
webcids.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-08
all data...
US
rougine-mfg.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-08
all data...
US
magcpa.com Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-14
all data...
US
wfd2027uae.ae Warlock
Discovery Date: 2025-08-17
Estimated Attack Date: 2025-08-15
all data...
AE
tagorg.com Warlock
Discovery Date: 2025-08-17
all data...
JO
hitachi-hta.com Warlock
Discovery Date: 2025-08-17
all data...
JP
primrose.com Warlock
Discovery Date: 2025-08-17
all data...
GB
clearybuilding.us Warlock
Discovery Date: 2025-08-17
all data...
US
colt.net Warlock
Discovery Date: 2025-08-17
1 million documents,The full set of files needs to be purchased separately....
GB
currimjee Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-05-02
[AI generated] Currimjee Group is a Mauritian company engaged in diversified sectors since 1890. Its...
MU
via-optronics Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-05-02
[AI generated] Via Optronics is a global technology company that specializes in the production of in...
DE
iberol Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-04-10
[AI generated] N/A...
ES
eira-group Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-04-10
[AI generated] N/A...
FI
KMMP Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-04-28
[AI generated] N/A...
JP
nipponindiaim Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-04-30
[AI generated] Nippon India Mutual Fund (NIMF), previously known as Reliance Mutual Fund, is one of ...
IN
unilever Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-04-15
[AI generated] Unilever is a multinational corporation that sells branded consumer goods. Founded in...
NL
Ersar Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-04-04
[AI generated] N/A...
NCVOO Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-04-04
[AI generated] N/A...
BM
BTHK Warlock
Discovery Date: 2025-06-11
Estimated Attack Date: 2025-04-02
All data...
HK
lactanet Warlock
Discovery Date: 2025-06-11
[AI generated] Lactanet is an agricultural company that provides critical information and innovative...
CA
ssi-mi Warlock
Discovery Date: 2025-06-11
[AI generated] N/A...
JP
dad Warlock
Discovery Date: 2025-06-11
[AI generated] N/A...
astronika Warlock
Discovery Date: 2025-06-11
[AI generated] Astronika is a Polish company that specializes in high-tech engineering solutions, wi...
PL
sras Warlock
Discovery Date: 2025-06-11
[AI generated] N/A...
icidesi Warlock
Discovery Date: 2025-06-11
[AI generated] N/A...
TR
taos Warlock
Discovery Date: 2025-06-11
[AI generated] Taos is a technology services and consulting firm that specializes in cloud, DevOps, ...
US
carducci Warlock
Discovery Date: 2025-06-11
[AI generated] Carducci is an esteemed fashion brand hailing from Cape Town, South Africa. Founded i...
Arch-con Warlock
Discovery Date: 2025-06-11
[AI generated] Arch-Con Corporation is a commercial construction company based in Houston, Texas. Th...
US